satandsmt.stpetersburg

SAT and Satisﬁability Modulo Theories
Roberto Bruttomesso
roberto.bruttomesso@gmail.com
University of Lugano, Switzerland
(Universit`a della Svizzera Italiana)
St.Petersburg
September 18, 2010
Roberto Bruttomesso (USI) SAT and SMT St. Petersburg 18/09/10 1 / 32

Outline
1 Introduction
2 SAT
SAT and SAT-Solvers
The DPLL Procedure
The Enhanced DPLL Procedure
Conﬂict Analysis and Learning
3 SMT
From SAT to SMT
The Eager Approach
The Lazy Approach
The Theory Solver
4 Conclusive Remarks

Eﬃcient Solvers as Core Engines
SAT
SMT
Theorem Proving
BDDs
Testing
Automated
Model
Checking
Checking
Equiv.
Planning
Dependency
Analysis
Security

Bird’s Eye View
expressiveness
efficiency
decidable
undecidable
BDDs SAT−Solvers
SMT−Solvers
First Order Theorem Provers

SAT
• SAT is the Boolean Satisﬁability Problem

SAT
• A set of Boolean variables {a, b, . . .} which may assume values in
{⊥, }

SAT
{⊥, }
• A set of Boolean operators {∧, ∨, ¬, . . .} with known semantic (e.g.
∧ ⊥ is ⊥)

SAT
{⊥, }
∧ ⊥ is ⊥)
• Given a formula ϕ, is there an assignment to the variables such that
ϕ evaluates to ?

SAT
{⊥, }
∧ ⊥ is ⊥)
ϕ evaluates to ?
• E.g. (a ∨ b) ∧ (¬a ∨ ¬b) is satisﬁed by the assignment a = , b = ⊥

SAT
{⊥, }
∧ ⊥ is ⊥)
ϕ evaluates to ?
• Simple formulation, but enormous relevance in computer science

SAT
{⊥, }
∧ ⊥ is ⊥)
ϕ evaluates to ?
• “Classical” NP-Complete problem

SAT
{⊥, }
∧ ⊥ is ⊥)
ϕ evaluates to ?
• “Classical” NP-Complete problem
• A lot of practical problems can be encoded in SAT

The DPLL Procedure
• Remember SAT is NP-Complete

The DPLL Procedure
• Still, SAT-Solvers are extremely eﬃcient tools (nowadays), and can
handle (within reasonable time) hundred thousands of variables and
clauses∗

The DPLL Procedure
clauses∗
• SOTA Solvers are based on the DPLL procedure (Davis Putnam
Loveland Longman, ∼1960)

The DPLL Procedure
clauses∗
• SOTA Solvers are based on the DPLL procedure (Davis Putnam
Loveland Longman, ∼1960)
• DPLL assumes the input as a CNF , i.e. a set of clauses , each
clause being a disjuntion of variables or negated variables
(a ∨ ¬b)
(c ∨ ¬a ∨ b)
. . .

The DPLL Procedure
Splitting and Backtracking
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
a =
Splitting on a =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b =
a =
Splitting on b =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b =
a =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b = ⊥b =
a =
Backtracking on b = ⊥

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b = ⊥b =
a =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
a = ⊥
b = ⊥b =
a =
Backtracking on a = ⊥

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b =
a = ⊥
b = ⊥b =
a =
Splitting on b =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b =
a = ⊥
b = ⊥b =
a =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b = ⊥b =
a = ⊥
b = ⊥b =
a =
Backtracking on b =

The DPLL Procedure
(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b = ⊥b =
a = ⊥
b = ⊥b =
a =
No more paths to explore: formula unsatisﬁable

Enhancements
• Splitting heuristics : choosing the “right” variable to split upon can
make a great diﬀerence

Enhancements
• Unit propagation : if a clause has all literals but one to ⊥, assign
the remaining literal to

Enhancements
• E.g.: the assignment a = , b = ⊥ in (¬a ∨ b ∨ c) triggers c = .
Otherwise the clause cannot be satisﬁed

Enhancements
• A set of unit propagations may result in a conﬂict . E.g. a = ,
b = ⊥
(¬a ∨ b ∨ c), (¬a ∨ ¬c)

Enhancements
• A set of unit propagations may result in a conflict . E.g. a = ,
b = ⊥
(¬a ∨ b ∨ c), (¬a ∨ ¬c)
• Conflict-Driven Clause Learning (mid ’90s): conflict is analyzed
and a new (implied) clause is derived and added to the problem.
Huge impact on SAT-Solvers performance

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
a =
Splitting on a =

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b)
b =
a =
Unit Propagation on b =

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b) (¬a)
b =
a =
Conﬂict analysis: (¬a ∨ b) ⊗ (¬a ∨ ¬b) ⇒ (¬a)

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b) (¬a)
a = ⊥
b =
a =
Unit Propagation on a = ⊥

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b) (¬a)
b =
a = ⊥
b =
a =
Unit Propagation on b =

(a ∨ b) (¬a ∨ b) (a ∨ ¬b) (¬a ∨ ¬b) (¬a)
b =
a = ⊥
b =
a =
Conﬂict without splitting: formula unsatisﬁable

The Enhanced DPLL Procedure (simpliﬁed)
while( not all variables assigned )
{
if ( UnitPropagation( ) == CONFLICT ) // DEDUCTION PHASE
{
level = ConflictAnalysisAndLearning( ) // DIAGNOSE+LEARN PHASE
if ( level == 0 )
return UNSAT
else
Backtrack( level )
}
else
Split( ) // DECIDE PHASE
}
return SAT

. . . after a shot of UnitPropagation( )
Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f )

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f ) (¬d ∨ f ∨ k)
f
(¬e ∨ ¬d ∨ k)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f ) (¬d ∨ f ∨ k)
f
(¬e ∨ ¬d ∨ k) (¬d ∨ e ∨ j)
e
(¬d ∨ j ∨ k)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f ) (¬d ∨ f ∨ k)
f
(¬e ∨ ¬d ∨ k) (¬d ∨ e ∨ j)
e
(¬d ∨ j ∨ k) (¬b ∨ ¬c ∨ d)
d
(¬b ∨ ¬c ∨ j ∨ k)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f ) (¬d ∨ f ∨ k)
f
(¬e ∨ ¬d ∨ k) (¬d ∨ e ∨ j)
e
(¬d ∨ j ∨ k) (¬b ∨ ¬c ∨ d)
d
(¬b ∨ ¬c ∨ j ∨ k) (¬a ∨ c ∨ i)
c
(¬b ∨ ¬a ∨ j ∨ k ∨ i)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
l = . . .
m = . . .
a = SPLIT
b = (¬a ∨ b)
c = (¬a ∨ c ∨ i)
d = (¬b ∨ ¬c ∨ d)
e = (¬d ∨ e ∨ j)
f = (¬d ∨ f ∨ k)
(¬e ∨ ¬f ) (¬d ∨ f ∨ k)
f
(¬e ∨ ¬d ∨ k) (¬d ∨ e ∨ j)
e
(¬d ∨ j ∨ k) (¬b ∨ ¬c ∨ d)
d
(¬b ∨ ¬c ∨ j ∨ k) (¬a ∨ c ∨ i)
c
(¬b ∨ ¬a ∨ j ∨ k ∨ i) (¬a ∨ b)
b
(¬a ∨ j ∨ k ∨ i)

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
(¬a ∨ j ∨ k ∨ i)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .

Clause set
(¬a ∨ b)
(¬a ∨ c ∨ i)
(¬b ∨ ¬c ∨ d)
(¬d ∨ e ∨ j)
(¬d ∨ f ∨ k)
(¬e ∨ ¬f )
(a ∨ g ∨ ¬l)
(a ∨ h)
(¬g ∨ ¬h ∨ ¬m)
(¬a ∨ j ∨ k ∨ i)
Assignment Reason
i = ⊥ . . .
j = ⊥ . . .
k = ⊥ . . .
a = ⊥ (¬a ∨ j ∨ k ∨ i)

Importance of Learning
• Conﬂict analysis is important to understand where to backtrack in the
search

search
• Learning a clause (a ∨ b ∨ ¬c) prevents the SAT-Solver to search all
the assignments of the form {a = ⊥, b = ⊥, c = , . . .}

search
• It is an exponential pruning of the search space ! There are 2n−3
such assignments, where n is the number of variables in the problem

search
• It is an exponential pruning of the search space ! There are 2n−3
such assignments, where n is the number of variables in the problem
• We can refer to a learnt clause as to a blocking clause .
Understanding this mechanism is crucial to understand SMT as well

SMT: Satisﬁability Modulo Theories
In SMT we have
• A (decidable) theory T (e.g. linear integer arithmetic), over a
signature Σ (e.g. {+, −, ≤, =, 0, 1, . . .})

In SMT we have
signature Σ (e.g. {+, −, ≤, =, 0, 1, . . .})
• A set of Boolean variables a, b, . . ., with values in {⊥, } and a set
Theory variables x, y, . . . that may assume values in the domain of
T (e.g. Z)

In SMT we have
signature Σ (e.g. {+, −, ≤, =, 0, 1, . . .})
T (e.g. Z)
• A theory atom is a predicate in T (e.g. x + y < 3)

In SMT we have
signature Σ (e.g. {+, −, ≤, =, 0, 1, . . .})
T (e.g. Z)
• Given a formula ϕ in T, is there an assignment to the Boolean and
Theory variables such that ϕ evaluates to ?

In SMT we have
signature Σ (e.g. {+, −, ≤, =, 0, 1, . . .})
T (e.g. Z)
• Given a formula ϕ in T, is there an assignment to the Boolean and
Theory variables such that ϕ evaluates to ?
• E.g. ((x + y = 3 ∨ ¬a) ∧ y ≤ 1), is satisﬁed, for instance, by the
assignment {x = 2, y = 1, a = }

The Eager Approach
• Reduce the SMT problem to a purely SAT problem

The Eager Approach
• Step 1: compute the Boolean abstraction of the problem

The Eager Approach
• Step 2: exhaustively add blocking clauses representing theory incompatibilities

The Eager Approach
• Step 3: send the formula to a SAT-Solver

The Eager Approach
(x − y ≤ 3 ∨ x − y ≤ −1)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)

The Eager Approach
(a ∨ x − y ≤ −1)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)
a ≡ x − y ≤ 3

The Eager Approach
(a ∨ b)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
Consider
(a) x − y ≤ 3
(c) y − z ≤ 5
(e) z − x ≤ −15
0 ≤ −7

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
Consider
(a) x − y ≤ 3
(c) y − z ≤ 5
(e) z − x ≤ −15
0 ≤ −7
i.e. a ∧ c ∧ e is unsatisﬁable in T
i.e. (¬a ∨ ¬c ∨ ¬e) is valid in T

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
(¬a ∨ ¬d ∨ ¬e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
(¬a ∨ ¬d ∨ ¬e)
. . .
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
(¬a ∨ ¬d ∨ ¬e)
. . .
(a ∨ ¬b)
. . .
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15

The Eager Approach
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
(¬a ∨ ¬d ∨ ¬e)
. . .
(a ∨ ¬b)
. . .
The SAT formula is satisﬁable iﬀ the original
SMT formula is.

The Eager Approach
Drawbacks
• Inconsistencies between theory atoms have to be computed upfront
• There are exponentially many potential inconsistencies to test

The Eager Approach
Drawbacks
• However in general only a small subset of all inconsistencies is
suﬃcient to determine the satisﬁability of an SMT formula

The Eager Approach
Drawbacks
• However in general only a small subset of all inconsistencies is
suﬃcient to determine the satisﬁability of an SMT formula
• From eager to lazy: try to add clauses “lazily” to the Boolean
abstraction

The Lazy or DPLL(T) approach
((x + y = 3 ∨ ¬a) ∧ y ≤ 1)
• Decision procedures for T are usually available for conjunctions
of constraints. Examples
• Union-ﬁnd for Equality with Uninterpreted Functions
• Simplex algorithm for Linear Rational Arithmetic
• . . .
• However disjunction has to be taken into account . . .

The Lazy or DPLL(T) approach
((x + y = 3 ∨ ¬a) ∧ y ≤ 1)
• Decision procedures for T are usually available for conjunctions
of constraints. Examples
• Union-ﬁnd for Equality with Uninterpreted Functions
• Simplex algorithm for Linear Rational Arithmetic
• . . .
• However disjunction has to be taken into account . . .
• Idea: use a SAT-Solver to enumerate potential propositional
assignments, and use Theory-Solver to check feasibility in T

The Lazy Approach
• Enumerate Boolean combinations of theory atoms and check them w.r.t. the theory T

The Lazy Approach

The Lazy Approach
• Repeat
• Step 2: guess a Boolean assignment
• Step 3: check the assignment w.r.t. T
• Step 4: add a blocking clause if the assignemt is not consistent in T

The Lazy Approach
• Repeat
(x − y ≤ 3 ∨ x − y ≤ −1)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)
SAT-Solver Theory-Solver

The Lazy Approach
• Repeat
(a ∨ x − y ≤ −1)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)
a ≡ x − y ≤ 3

The Lazy Approach
• Repeat
(a ∨ b)
(y − z ≤ 5 ∨ y − z ≤ 4)
(z − x ≤ −15)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1

The Lazy Approach
• Repeat
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15

The Lazy Approach
• Repeat
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
SAT-Solver
e =
Theory-Solver
z − x ≤ −15

The Lazy Approach
• Repeat
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
SAT-Solver
a =
e =
Theory-Solver
z − x ≤ −15
x − y ≤ 3

The Lazy Approach
• Repeat
(a ∨ b)
(c ∨ d)
(e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
SAT-Solver
c =
a =
e =
Theory-Solver
z − x ≤ −15
x − y ≤ 3
y − z ≤ 5

The Lazy Approach
• Repeat
(a ∨ b)
(c ∨ d)
(e)
(¬a ∨ ¬c ∨ ¬e)
a ≡ x − y ≤ 3
b ≡ x − y ≤ −1
c ≡ y − z ≤ 5
d ≡ y − z ≤ 4
e ≡ z − x ≤ −15
SAT-Solver
c =
a =
e =
Theory-Solver
z − x ≤ −15
x − y ≤ 3
y − z ≤ 5

{
if ( UnitPropagation( ) == CONFLICT ) // DEDUCTION PHASE
{
if ( level == 0 )
return UNSAT
else
Backtrack( level )
}
else
}
return SAT

{
if ( UnitPropagation( ) == CONFLICT // DEDUCTION PHASE
|| CheckTheory( ) == CONFLICT ) // CALLS THEORY SOLVER
{
if ( level == 0 )
return UNSAT
else
Backtrack( level )
}
else
}
return SAT

The Theory Solver
• Keeps a set of active constraints, that are received and dropped in a
stack-based manner
• From time to time checks whether the set is theory-consistent

The Theory Solver
stack-based manner
• The Theory Solver performance is crucial for the overall SMT-Solver
performance

The Theory Solver
stack-based manner
• The Theory Solver performance is crucial for the overall SMT-Solver
performance
• (Some) Desirable features:
• Incrementality & Backtrackability
• Conﬂict Producing
• Theory Propagation

A Theory Solver for Diﬀerence Logics
• In Diﬀerence Logic theory atoms are of the form
x − y ≤ c
where x and y are integer or rational variables, and c is a constant
• Useful to encode, for instance, scheduling problems and timed
automata

x − y ≤ c
automata
• The problem of checking satisﬁability can be turned into ﬁnding
negative cycles in a directed weighted graph

x − y ≤ c
automata
• The problem of checking satisﬁability can be turned into ﬁnding
negative cycles in a directed weighted graph
• Each variable is encoded as a node. A constraint x − y ≤ c is
encoded into the arc
y
c
x

Example:
x − y ≤ 8
y − z ≤ −1
x − z ≤ −6
z − w ≤ 2
w − x ≤ −10
w − t ≤ 0
t − x ≤ 3
yx
−1
2
8
−6
z
wt
0
3 −10

Example:
x − y ≤ 8
y − z ≤ −1
x − z ≤ −6
z − w ≤ 2
w − x ≤ −10
w − t ≤ 0
t − x ≤ 3
————–
0 ≤ −1
yx
−1
2
8
−6
z
wt
0
3 −10

Incremental Solving
• The ability of solving theory atoms incrementally, is extremely
important for eﬃciency
• The Theory-Solver “receives” theory atoms from the SAT-Solver
incrementally. A set of successful theory consistency checks is
therefore performed on a growing set of constraints
S0 ⊂ S1 ⊂ . . . ⊂ Sn
• When checking the consistency of Si we want the solver to reuse the
eﬀort of step Si−1

Incremental Solving in Diﬀerence Logic
• In Diﬀerence Logic incremental consistency check can be performed
with a SSSP algorithm (single source shortest path), such as the
Bellman-Ford algorithm or its variations
x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
y
−1
2
8
−6
z
−9
x
w

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
?0
−1
2
8
−6
?
?
−9

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
0
−1
2
8
−6
?
?
−9
8

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
0
−1
2
8
−6
?
−9
8
7

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
0
−1
2
8
−6
−9
8
7
9

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
w − t ≤ 0
t − x ≤ −10
?
0
−10
0
−1
2
8
−6
−9
8
7
9

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
w − t ≤ 0
t − x ≤ −10
0
−10
9
0
−1
2
8
−6
−9
8
7
9

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
w − t ≤ 0
t − x ≤ −10
0
−10
9
−1
2
8
−6
−9
8
7
9
−1

x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
w − t ≤ 0
t − x ≤ −10
0
−10
9
−1
2
8
−6
−9
7
6
9
−1

Retrieving Conflict
• The set of conflicting atoms is usually a small subset of all the set of
atoms under consideration
• The smaller the confict, the better (more search space is pruned away)
• In Difference Logic it is sufficient to keep track of a parent
information in the graph
x − y ≤ 8
y − z ≤ −1
z − x ≤ −6
z − w ≤ 2
w − x ≤ −9
w − t ≤ 0
t − x ≤ −10
0
−10
9
−1
2
8
−6
−9
7
6
9
−1

Theory Propagation
• We use the current state of the Theory Solver to infer the truth of
other theory atoms
• (it is the “theory” counterpart of UnitPropagation for Booleans)

Theory Propagation
other theory atoms
• Suppose we have the following situation:
• x − y ≤ 1 and y − z ≤ 2 are both assigned to
• x − z ≤ 5 is part of the initial formula but is currently not assigned a
value by the SAT-Solver

Theory Propagation
other theory atoms
• However we know that (x − y ≤ 1 ∧ y − z ≤ 2) → (x − z ≤ 5)

Theory Propagation
other theory atoms
• (or, in clausal form (¬(x − y ≤ 1) ∨ ¬(y − z ≤ 2) ∨ (x − z ≤ 5)))

Theory Propagation
other theory atoms
• Adding the clause to the SAT-Solver will cause the atom (x − z ≤ 5)
to be assigned to

Theory Propagation
other theory atoms
• Adding the clause to the SAT-Solver will cause the atom (x − z ≤ 5)
to be assigned to
constraint is not assigned
y
z
1 2
5
x

Summing up
• Lazy SMT is the eﬃcient combination of
• SAT-Solving techniques (DPLL procedure)
• Decision procedures for decidable ﬁrst order theories

Summing up
• Intuitively, the SAT-Solver guesses a particular assignment of theory
atoms

Summing up
atoms
• while the Theory-Solver checks whether the assignment is correct in
the theory

Summing up
atoms
• while the Theory-Solver checks whether the assignment is correct in
the theory
• The Theory-Solver can communicate with SAT by means of clauses
that represent valid statements in the theory

Summing up
The Theory-Solver is required to
• Solve theory atoms incrementally
• Produce conﬂicts
• Produce theory propagations (deduce thruth value of unassigned
theory atoms, based on the currently assigned ones)

Some theories of interest in Formal Veriﬁcation
• Equality and Uninterpreted Functions [19, 15]
• Diﬀerence Logics [18, 12, 6]
• Linear Rational Arithmetic [6, 16]
• Linear Integer Arithmetic [6, 16]
• Bit-Vectors [17, 2, 7, 11]
• Arrays [4, 2, 14]
• Combination of Theories [15, 5, 9]

Some available SMT-Solvers
• Barcelogic, (Barcelona, Spain) [3]
• CVC3, (NYU, New York, USA) [1]
• MathSAT, (FBK, Trento (Italy) [8]
• OpenSMT, (Lugano, Switzerland) [10]
• Yices, (SRI International, USA)
• Z3, (Microsoft Research, Redmond, USA) [13]

SMT-LIB
• The SMT-LIB (www.smtlib.org) is an initiative that
promotes the collection of SMT benchmarks, and the
definition of a common input language for SMT-Solvers
• The SMT-COMP is an annual competition of SMT-Solvers on
a common set of benchmarks. Usually affiliated with
CAV or CADE conferences (www.smtcomp.org)

C. Barrett and C. Tinelli.
CVC3.
In CAV’07, 2007.
A. Biere and R. Brummayer.
The Boolector SMT Solver.
In TACAS, 2009.
M. Boﬁll, R. Nieuwenhuis, A. Oliveras, E. Rodr´ıguez Carbonell, and
A. Rubio.
The Barcelogic SMT Solver.
In A. Gupta and S. Malik, editors, CAV’08, volume 5123 of Lecture
Notes in Computer Science, pages 294–298. Springer, 2008.
M. Boﬁll, R. Nieuwenhuis, A. Oliveras, E. Rodrguez-Carbonell, and
A. Rubio.
A Write-Based Solver for SAT Modulo the Theory of Arrays.
In FMCAD, pages 101–108, 2008.
M. Bozzano, R. Bruttomesso, A. Cimatti, T. Junttila, S. Ranise,
P. van Rossum, and R. Sebastiani.

Efficient Theory Combination via Boolean Search.
Information Computation, 204(10):1493–1525, 2006.
M. Bozzano, R. Bruttomesso, A. Cimatti, T. Junttila, P. van Rossum,
S. Schulz, and R. Sebastiani.
MathSAT: Tight Integration of SAT and Mathematical Decision
Procedures.
JAR, 35(1-3):265–293, 2005.
R. Bruttomesso, A. Cimatti, A. Franzen, A. Griggio, Z. Hanna,
A. Nadel, A. Palti, and R. Sebastiani.
A Lazy and Layered SMT(BV) Solver for Hard Industrial Verification
Problems.
In CAV, pages 247–260, 2007.
R. Bruttomesso, A. Cimatti, A. Franzén, A. Griggio, and
R. Sebastiani.
The MathSAT 4 SMT Solver.
In CAV, pages 299–303, 2008.

R. Bruttomesso, A. Cimatti, A. Franzen, A. Griggio, and
R. Sebastiani.
Delayed theory combination vs. Nelson-Oppen for satisfiability modulo
theories: a comparative analysis.
Annals of Mathematics and Artificial Intelligence, 2009.
R. Bruttomesso, E. Pek, N. Sharygina, and A. Tsitovich.
The OpenSMT Solver.
In TACAS, 2010.
R. Bruttomesso and N. Sharygina.
A Scalable Decision Procedure for Fixed-Width Bit-Vectors.
In ICCAD, 2009.
S. Cotton and O. Maler.
Fast and Flexible Difference Constraint Propagation for DPLL(T).
In SAT’06, pages 170–183, 2006.
L. de Moura and N. Bjørner.
Z3: An Efficient SMT Solver.
In TACAS’08, pages 337–340, 2008.

L. de Moura and N. Bjørner.
Generalized, Eﬃcient Array Decision Procedures.
In FMCAD, 2009.
D. Detlefs, G. Nelson, and J. B. Saxe.
Simplify: a theorem prover for program checking.
Journal of ACM, 52(3):365–473, 2005.
B. Dutertre and L. M. de Moura.
A Fast Linear-Arithmetic Solver for DPLL(T).
In CAV’06, pages 81–94, 2006.
V. Ganesh and D. L. Dill.
A Decision Procedure for Bit-Vectors and Arrays.
In CAV, pages 519–531, 2007.
R. Nieuwenhuis and A. Oliveras.
DPLL(T) with Exhaustive Theory Propagation and Its Application to
Diﬀerence Logic.
In CAV’05, pages 321–334, 2005.

R. Nieuwenhuis and A. Oliveras.
Proof-Producing Congruence Closure.
In RTA’05, pages 453–468, 2005.

satandsmt.stpetersburg

Recommended

Recommended

More Related Content

Similar to satandsmt.stpetersburg

Similar to satandsmt.stpetersburg (20)

More from Roberto Bruttomesso

More from Roberto Bruttomesso (6)

Recently uploaded

Recently uploaded (20)

satandsmt.stpetersburg